7. The Bedrock of Cybersecurity: Cryptography 157 scheme. Product means multiple cryptographic schemes are used in sequence. For example, in a product, one cryptographic technique is applied first to transform the plaintext into intermediary ciphertext, and then another is applied to the intermediary ciphertext to transform it into the final ciphertext. Monoalphabetic substitution (MS) can be used with double transposition (DT) to create a stronger cryptographic scheme: MS × DT = MSDT. MSDT would not conceal the single letter frequencies (e.g., the letter E would still be easily identifiable), but it would obscure bigram and trigram frequencies, and it would force cryptanalysts to do more work. MSDT is a new cryptographic scheme that is stronger than either of the individual schemes alone. It also forces the communicating parties to do more work to encrypt and decrypt messages. Cryptographic schemes can always do more substituting and transposing, but it comes at a cost. The same cryptographic scheme can also be applied multiple times, but the result is not necessarily stronger cryptography. For example, applying the monoalphabetic substitution cipher twice using two different keys produces ciphertext that could have just been directly produced with a third key, i.e., MSKEY-A × MSKEY-B = MSKEY-C. The third key is just a different key in the monoalphabetic substitution keyspace—it is not a “better key.” Double MS requires twice as much work encrypting and decrypting messages, but it yields no extra cryptographic strength! A fun example of a product of a cryptographic scheme is the dreaded double ROT-13 cipher. Double ROT-13 = ROT-13 × ROT-13. Applying ROT13 twice yields plaintext! “They must have been using double ROT-13 encryption” is a facetious way of saying that cryptography should have been employed to conceal sensitive information, but to the embarrassment of the communicating parties, it was not and their plaintext messages were exposed. 7.2 Computer Cryptography “The development of computer controlled communication networks promises effortless and inexpensive contact between people or computers on opposite sides of the world…these contacts must be made secure against both eavesdropping and the injection of illegitimate messages…Contemporary cryptography is unable to meet the requirements.” - “New Directions in Cryptography” by Diffie and Hellman The primary way that confidentiality (preventing the unauthorized reading of messages) is preserved in cyberspace is through computer cryptography. In the classic cryptography examples above, English letters and words were encrypted to create ciphertext. But computers do not “understand” English. As we learned in Chapter 2, they are restricted to operating on only two types of signals: on and off. We commonly refer to these signals as 1s and 0s, or bits. So, to a computer, attack at dawn looks like this: 11000011110100111010011000011100011110101111000011110100110010011000 0111101111101110
RkJQdWJsaXNoZXIy MTM4ODY=